Behavioral task
behavioral1
Sample
amzn.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
amzn.exe
Resource
win10v2004-20240508-en
General
-
Target
amzn.exe
-
Size
13.4MB
-
MD5
d1169346f870e90f3d0bf40c71fecf85
-
SHA1
dfa4c143bd9421414c43095b2b23357a8ef46ab3
-
SHA256
4b6c62a3c3c1b5e3eb91fc586fc9d048684efc1cd2c1d101132c0c3443965614
-
SHA512
120d3234f9901e159e3b220bbc75c007ecdf97edd6426454c9d3679fb29f8992046d780797d72ee0a19495750d72ae4b1b3bad594c58ae697c195121305100b8
-
SSDEEP
393216:bgUF5p/ZTg0+dO1uaRhaT31OC6xtyoDEmp1M2M:bxF5p/Zc0+81JXOAHLhDEsb
Malware Config
Signatures
-
Processes:
resource yara_rule sample themida -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource amzn.exe
Files
-
amzn.exe.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Sections
Size: 1024B - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Size: 10.7MB - Virtual size: 10.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 18KB - Virtual size: 167KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 168KB - Virtual size: 168KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.themida Size: - Virtual size: 4.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.boot Size: 2.5MB - Virtual size: 2.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ